Using tcpdump to find an ARP-poisoned machine

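The network upstairs is unstable; some machine there may be affected by ARP spoofing or an ARP virus.
You can use tcpdump to check which machine may be infected: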
tcpdump -nn -i eth0 arp
If output like the following appears, 210.77.68.244 may be infected with an ARP virus.

22:42:57.790341 arp who-has 210.77.68.124 tell 210.77.68.244
22:42:57.790348 arp who-has 210.77.68.124 tell 210.77.68.244
22:42:57.813105 arp who-has 210.77.68.135 tell 210.77.68.254
22:42:57.822898 arp who-has 210.77.68.125 tell 210.77.68.244
22:42:57.822906 arp who-has 210.77.68.125 tell 210.77.68.244
22:42:57.852916 arp who-has 210.77.68.126 tell 210.77.68.244
22:42:57.852923 arp who-has 210.77.68.126 tell 210.77.68.244
22:42:57.863858 arp who-has 210.77.68.251 tell 210.77.68.254
22:42:57.885405 arp who-has 210.77.68.127 tell 210.77.68.244
22:42:57.885412 arp who-has 210.77.68.127 tell 210.77.68.244
22:42:57.915324 arp who-has 210.77.68.128 tell 210.77.68.244
22:42:57.915331 arp who-has 210.77.68.128 tell 210.77.68.244
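
The same check can be automated by counting how many different addresses each sender asks for. The following is an added example, not part of the original post; the function names `arp_sweepers` and `sample_capture` and the threshold of 3 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads "tcpdump -nn -i eth0 arp" output on stdin and prints
# "sender distinct_targets total_requests" for each sender that asked
# for at least THRESHOLD different addresses.
arp_sweepers() {
    threshold="${1:-3}"   # assumed default; tune it for the subnet
    awk -v t="$threshold" '
    {
        target = ""; sender = ""
        for (i = 1; i < NF; i++) {
            if ($i == "who-has") target = $(i + 1)
            if ($i == "tell")    sender = $(i + 1)
        }
        sub(/,$/, "", sender)   # newer tcpdump prints "tell X, length N"
        if (target == "" || sender == "") next
        total[sender]++
        if (!((sender, target) in seen)) {
            seen[sender, target] = 1
            distinct[sender]++
        }
    }
    END {
        for (s in distinct)
            if (distinct[s] >= t) print s, distinct[s], total[s]
    }'
}

# Sample input: the capture lines shown above.
sample_capture() {
    cat <<'EOF'
22:42:57.790341 arp who-has 210.77.68.124 tell 210.77.68.244
22:42:57.790348 arp who-has 210.77.68.124 tell 210.77.68.244
22:42:57.813105 arp who-has 210.77.68.135 tell 210.77.68.254
22:42:57.822898 arp who-has 210.77.68.125 tell 210.77.68.244
22:42:57.822906 arp who-has 210.77.68.125 tell 210.77.68.244
22:42:57.852916 arp who-has 210.77.68.126 tell 210.77.68.244
22:42:57.852923 arp who-has 210.77.68.126 tell 210.77.68.244
22:42:57.863858 arp who-has 210.77.68.251 tell 210.77.68.254
22:42:57.885405 arp who-has 210.77.68.127 tell 210.77.68.244
22:42:57.885412 arp who-has 210.77.68.127 tell 210.77.68.244
22:42:57.915324 arp who-has 210.77.68.128 tell 210.77.68.244
22:42:57.915331 arp who-has 210.77.68.128 tell 210.77.68.244
EOF
}

sample_capture | arp_sweepers 3
```

On a live interface, bound the capture with `-c`, for example `tcpdump -nn -i eth0 -c 1000 arp | arp_sweepers 20`. A gateway normally resolves many hosts, so compare the flagged sender against known routers before treating it as infected.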
